The following example policy workflow uses the mark-for-op action and the marked-for-op
filter to chain a set of policies together to accomplish a task. In this example, the
workflow finds any RDS instance that is older than 14 days and has had no connections in
the last 14 days, and tags it with a delete op and a date 14 days out. The workflow also
emails the RDS resource owner to warn of the upcoming stop and deletion if the instance
remains unused. If a customer connects to the RDS instance before the 14-day window ends,
the instance is unmarked so that it does not get deleted.

Note that the notify action requires the Cloud Custodian mailer to be installed
and configured.

```yaml
vars:
  # Shared filter: zero DatabaseConnections over the last 14 days
  metrics-filters: &metrics-filter
    type: metrics
    name: DatabaseConnections
    days: 14
    value: 0
    op: equal

policies:
  - name: rds-unused-databases-notify-step1
    resource: rds
    description: |
      Take the average number of connections over 14 days for databases that are greater than 14
      days old and notify the resources owner on any unused RDS and mark for delete action in 14 days.
    filters:
      # Only instances that have not been marked yet
      - "tag:c7n_rds_unused": absent
      - type: value
        value_type: age
        key: InstanceCreateTime
        value: 14
        op: greater-than
      - <<: *metrics-filter
      # An owner tag must exist so the notification can be routed
      - or:
          - "tag:ResourceContact": present
          - "tag:CreatorName": present
    actions:
      - type: mark-for-op
        tag: c7n_rds_unused
        op: delete
        days: 14
      - type: notify
        template: default.html
        priority_header: 1
        subject: "RDS - Unused Database - [custodian {{ account }} - {{ region }}]"
        violation_desc: "RDS Instance has had no connections in the last 2 weeks and is unused:"
        action_desc: |
          "Actions Taken: Database deletion has been scheduled for 14 days from now.
          At this point we are just notifying you of the upcoming deletion if not used."
        to:
          - CloudCustodian@Company.com
          - resource-owner
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/12345678900/cloud-custodian-mailer
          region: us-east-1

  - name: rds-unused-databases-notify-step2
    resource: rds
    description: |
      Take the average number of connections over 21
      days and notify on any unused RDS that have already been marked for delete
    filters:
      - "tag:c7n_rds_unused": present
      # skew: 7 matches from 7 days before the date stored in the tag
      - type: marked-for-op
        tag: c7n_rds_unused
        op: delete
        skew: 7
      - type: value
        value_type: age
        key: InstanceCreateTime
        value: 21
        op: gte
      - <<: *metrics-filter
      - or:
          - "tag:ResourceContact": present
          - "tag:CreatorName": present
    actions:
      - type: notify
        template: default.html
        priority_header: 1
        subject: "RDS - URGENT - Unused Database - [custodian {{ account }} - {{ region }}]"
        violation_desc: |
          "RDS Instance has had no connections in the last 3 weeks and is unused and will be stopped
          hourly in 5 days (if supported by DB type) and then deleted 2 days after its stopped:"
        action_desc: |
          "Actions Taken: Hourly database stopping and email will occur in 5 days and deleted will occur in 7 days.
          At this point we are just notifying you of the upcoming stoppage and deleted if not used"
        to:
          - resource-owner
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/12345678900/cloud-custodian-mailer
          region: us-east-1

  - name: rds-unused-databases-stop-and-nag-hourly-step3
    resource: rds
    mode:
      type: periodic
      schedule: "rate(1 hour)"
      timeout: 300
    description: |
      This policy deploys a Lambda function with an hourly CloudWatch Event Schedule trigger.
      The policy takes the average number of connections over 26 days and stops the RDS and
      notifies the resource owner hourly on any of their unused databases that have already
      been marked for deletion.
    filters:
      - "tag:c7n_rds_unused": present
      # skew: 1 matches from 1 day before the date stored in the tag
      - type: marked-for-op
        tag: c7n_rds_unused
        op: delete
        skew: 1
      - type: value
        value_type: age
        key: InstanceCreateTime
        value: 26
        op: gte
      - <<: *metrics-filter
      - or:
          - "tag:ResourceContact": present
          - "tag:CreatorName": present
    actions:
      - type: notify
        template: default.html
        priority_header: 1
        subject: "RDS - URGENT!!! - Unused Database! - [custodian {{ account }} - {{ region }}]"
        violation_desc: |
          "RDS Instance has had no connections in the last 26 days and is unused
          and will be deleted in less than 48 hours"
        action_desc: |
          "Actions Taken: Hourly Stopping of RDS and notify. Deletion will occur in less than
          48 hours.
          Please connect to the RDS or snapshot it if you don't need it at this time."
        to:
          - resource-owner
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/12345678900/cloud-custodian-mailer
          region: us-east-1

  - name: rds-unused-databases-delete-step4
    resource: rds
    description: |
      Take the average number of connections over 28 days and delete
      any unused databases that have already been marked for delete
    filters:
      - "tag:c7n_rds_unused": present
      # No skew: matches only once the date stored in the tag has been reached
      - type: marked-for-op
        tag: c7n_rds_unused
        op: delete
      - type: value
        value_type: age
        key: InstanceCreateTime
        value: 28
        op: gte
      - <<: *metrics-filter
      - or:
          - "tag:ResourceContact": present
          - "tag:CreatorName": present
    actions:
      # skip-snapshot: true deletes without taking a final snapshot
      - type: delete
        skip-snapshot: true
      - type: notify
        template: default.html
        priority_header: 1
        subject: "RDS - URGENT!!! - Unused Database Deleted! - [custodian {{ account }} - {{ region }}]"
        violation_desc: "RDS Instance has had no connections in the last 28 days and has been deleted."
        action_desc: "Actions Taken: RDS Instance(s) have been deleted."
        to:
          - CloudCustodian@Company.com
          - resource-owner
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/12345678900/cloud-custodian-mailer
          region: us-east-1

  - name: rds-unused-databases-unmark
    resource: rds
    description: |
      The policy takes the average number of connections over 14 days and if there are connections
      then unmark the RDS instance and notify the resource owner.
    filters:
      - "tag:c7n_rds_unused": present
      - type: value
        value_type: age
        key: InstanceCreateTime
        value: 14
        op: gte
      # Opposite of the shared filter: connections were seen in the last 14 days
      - type: metrics
        name: DatabaseConnections
        days: 14
        value: 0
        op: gt
      - or:
          - "tag:ResourceContact": present
          - "tag:CreatorName": present
    actions:
      - type: unmark
        tags: ["c7n_rds_unused"]
      - type: notify
        template: default.html
        priority_header: 1
        subject: "RDS - Previously Unused DB Unmarked! - [custodian {{ account }} - {{ region }}]"
        violation_desc: |
          "RDS Instance that previously had no connections for over 2 weeks is now showing
          connections and it has been unmarked for deletion."
        action_desc: "Actions Taken: RDS Instance(s) have been unmarked. No further action needed"
        to:
          - CloudCustodian@Company.com
          - resource-owner
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/12345678900/cloud-custodian-mailer
          region: us-east-1
```
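
To check when each step becomes eligible before deploying a workflow that ends in a delete, the following added example (not Cloud Custodian's code and not part of the original page) models the filters of the five policies above in Python. It assumes the default mark-for-op tag value format `Resource does not meet policy: delete@YYYY/MM/DD`, counts ages in whole days, and omits the owner-tag `or` filter; the function names are hypothetical.

```python
from datetime import date, timedelta

TAG = "c7n_rds_unused"

def mark(today, op="delete", days=14):
    """Tag value in the style mark-for-op writes by default (assumed format)."""
    when = today + timedelta(days=days)
    return f"Resource does not meet policy: {op}@{when:%Y/%m/%d}"

def marked_for_op(tags, today, op="delete", skew=0):
    """Model of marked-for-op: true once today + skew reaches the tagged date."""
    value = tags.get(TAG, "")
    try:
        tagged_op, when = value.rpartition(":")[2].strip().split("@", 1)
        y, m, d = map(int, when.split("/"))
        action_date = date(y, m, d)
    except ValueError:
        return False  # missing or malformed tag value never matches
    return tagged_op == op and today + timedelta(days=skew) >= action_date

def matching_policies(created, tags, conns_14d, today):
    """Names of the workflow steps whose filters match on the given day."""
    age = (today - created).days
    idle = conns_14d == 0  # the shared metrics filter: value 0, op equal
    hits = []
    if TAG not in tags and age > 14 and idle:
        hits.append("step1")
    if marked_for_op(tags, today, skew=7) and age >= 21 and idle:
        hits.append("step2")
    if marked_for_op(tags, today, skew=1) and age >= 26 and idle:
        hits.append("step3")
    if marked_for_op(tags, today) and age >= 28 and idle:
        hits.append("step4")
    if TAG in tags and age >= 14 and conns_14d > 0:
        hits.append("unmark")
    return hits

if __name__ == "__main__":
    # Constructed sample: idle instance created 2024-01-01, marked on 2024-01-16.
    created, tags = date(2024, 1, 1), {}
    print(date(2024, 1, 16), matching_policies(created, tags, 0, date(2024, 1, 16)))
    tags[TAG] = mark(date(2024, 1, 16))
    for day in (22, 23, 29, 30):
        today = date(2024, 1, day)
        print(today, matching_policies(created, tags, 0, today))
```

In this model the step 2 and step 3 filters keep matching after later steps become eligible, so how often each policy is scheduled determines how many notices an owner receives.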